Changes between 1.0.0f and 1.0.1 [xx XXX xxxx]
+ *) Add support for TLS/DTLS heartbeats.
+ [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+ *) Add support for SCTP.
+ [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+ *) Improved PRNG seeding for VOS.
+ [Paul Green <Paul.Green@stratus.com>]
+
+ *) Extensive assembler packs updates, most notably:
+
+ - x86[_64]: AES-NI, PCLMULQDQ, RDRAND support;
+ - x86[_64]: SSSE3 support (SHA1, vector-permutation AES);
+ - x86_64: bit-sliced AES implementation;
+ - ARM: NEON support, contemporary platforms optimizations;
+ - s390x: z196 support;
+ - *: GHASH and GF(2^m) multiplication implementations;
+
+ [Andy Polyakov]
+
+ *) Make TLS-SRP code conformant with RFC 5054 API cleanup
+ (removal of unnecessary code)
+ [Peter Sylvester <peter.sylvester@edelweb.fr>]
+
*) Add -attime option to openssl utilities.
[Peter Eckersley <pde@eff.org>, Ben Laurie and Steve Henson]
*) Add SRP support.
[Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]
- *) Add -attime option to openssl verify.
- [Peter Eckersley <pde@eff.org> and Ben Laurie]
-
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson]
Changes between 1.0.0e and 1.0.0f [xx XXX xxxx]
+ *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
+ [Adam Langley (Google)]
+
+ *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
+ [Andrey Kulikov <amdeich@gmail.com>]
+
+ *) Prevent malformed RFC3779 data triggering an assertion failure.
+ Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+ and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
+ [Rob Austein <sra@hactrn.net>]
+
*) Fix ssl_ciph.c set-up race.
[Adam Langley (Google)]